General Data Protection Regulation (GDPR)
What is GDPR?
From the 25th May 2018, new regulations will be introduced which affect how our School handles people’s data. This is called the General Data Protection Regulation. Compliance with the regulations will be an ongoing process and the School have appointed a data protection officer to advise and manage compliance with the regulation. Full details of our data protection officer can be found at below should you have any questions.
The new GDPR is replacing the current Data Protection Act (DPA) and is set to strengthen and unify all data held within an organisation. For schools, GDPR brings a new responsibility to inform parents and stakeholders about how they are using students' data and who it is being used by.
What are your rights?
- we are required to ask your consent to use the data that we hold on you or your child
- you have the right to withdraw that consent
- you have the right to be informed – all schools must be transparent in how they are using personal data
- you have the right to data portability – this allows individuals to retain and reuse their personal data for their own purpose
- you have the right to object – in some circumstances, individuals are entitled to object to their personal data being used
- you have the right to rectification of incorrect or incomplete data and a duty to ensure we are informed if any information changes– giving individuals the right to rectify personal data
- you have the right to erasure – often referred to the right to be forgotten
How is school data used?
A great deal of the processing of personal data undertaken by schools will fall under a specific legal basis, 'in the public interest'. As it is in the public interest to operate schools successfully, it will mean that specific consent will not be needed in the majority of cases in schools.
We have published the following policies and procedures and notices that are compliant with the new regulations and will keep you informed of any developments in the coming months. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.
For the time being, your data will be handled in the same manner in accordance with legal principles. In the meantime we thank you for your patience whilst we take the necessary steps set by the new legislation and guidance with handling data.
Data Protection Officer
We have appointed a data protection officer (DPO) to oversee compliance with data protection. If you have any questions about how we handle your personal information which cannot be resolved by the school, then you can contact the DPO on the details below: -
Data Controller Name: Craig Stilwell
Data Controller Details: Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE
Data Controller Email: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.